As reported on the Internet Storm Center site (http://isc.incidents.org) at
"bot" is traversing the Internet infecting MySQL servers installed on
Windows systems. Check out the description below:

"A "bot", exploiting vulnerable MySQL installs on Windows systems, has been
spotted. It infected a few thousand systems so far. Like typical for bots,
infected systems will connect to an IRC server. The IRC server will instruct
them to scan various /8 networks for other vulnerable mysql servers."

So if you have MySQL servers check out your firewall logs for the following
activity: